Mobile app version of vmapp.org
Login or Join
Ravi8258870

: Is unique IP address a must for SSL? The shared hosting company told me that if I buy an IP address then it will be applicable for the addon domains too. What does it mean? Then the SSL

@Ravi8258870

Posted in: #Https #IpAddress #SecurityCertificate

The shared hosting company told me that if I buy an IP address then it will be applicable for the addon domains too. What does it mean? Then the SSL certificate won't work since there will be more than 2 domains in one IP (if I add an addon domain)? If the SSL certificate works with one IP where is hosted two different domains then why it does not work on a shared host?

10.06% popularity Vote Up Vote Down


Login to follow query

More posts by @Ravi8258870

3 Comments

Sorted by latest first Latest Oldest Best

 

@Turnbaugh106

Hosting multiple SSL-enabled websites on single server usually needs single IP address per site, but SAN SSL Certificate can solve this difficulty. MS IIS 6 and Apache are both able to Virtual Host HTTPS sites using UC Certificate, also known as SAN certificates.

Using a SAN certificate saves you the hassle and time involved in configuring multiple IP addresses on your Exchange 2007 server, binding each IP address to a different certificate, and running a lot of low level Power Shell commands just to piece it all together.

Effortless and trouble-free to maintain than putting multiple IP addresses on your server and assigning a different certificate to each.

10% popularity Vote Up Vote Down


 

@Lee4591628

It means that all domain hosted by you will assign your IP. But you can restrict host to set IP only for specific domain. SSL certificate secured applied on domain but domain should be on dedicated IP. Some SSL certificate also can secure multiple domain like geotrust multidomain ev. On shared hosting there are multiple domain on same hosting so your IP also hosting some other client's domain. So it is not secure thats why it will not work.

10% popularity Vote Up Vote Down


 

@Goswami781

NOTE: While this answer was accurate at the time it was written and accepted, it is no longer correct. There are other answers here that address SNI which allows multiple SSL certificates per IP address.







Yes, you need a dedicated IP address for your SSL certificate. The following article explains exactly why:


SSL certificates on Sites with Host Headers


The key paragraph is:


It's a chicken and egg problem: The
host name is encrypted in the SSL blob
that the client sends. Because the
host name is part of the binding IIS
needs the host name to lookup the
right certificate. Without the host
name IIS can't lookup the right site
because the binding is incomplete.
Without the certificate IIS can't
decrypt the SSL blob that contains the
host name. Game over - we are turning
in circles.


There is a way to use SSL certificates with host headers on a shared IP address, but you still need to get that first IP address:


But there is a way if you need two
different sites on the same IP:Port.
You can accomplish this by getting a
certificate that contains both common
names, i.e. sitev1.mysite.com and
sitev2.mysitem.com. Cert Authorities
usually allow more than one so called
"common names" in a certificate. By
binding the certificate to one of the
two sites you won't not get
certificate errors anymore. The client
is happy if one of the names in the
certificate matches.


When your hoster says "then it will be applicable for the addon domains too.", what they mean is either you can you use:


a wildcard SSL e.g. *.example.com then more than one site that is a host in example.com can share the IP address, for example example.com, webmail.example.com and so on.
a Subject Alternative Names SSL that permits more than one domain to be secured using the same SSL, for example: www.globalsign.co.uk/ssl/buy-ssl-certificates/unified-communications-ssl/

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme